ELECTRONIC SIGNATURE ADDITION METHOD, ELECTRONIC SIGNATURE VERIFICATION METHOD, AND SYSTEM AND COMPUTER PROGRAM PRODUCT USING THESE METHODS

BACKGROUND OF THE INVENTION

The present invention relates to a method of adding and verifying an electronic signature added to document data in order to authenticate the validity of the document data and a system using this method and, more particularly, to a method of effectively preventing alteration of document data, and a system using this method.

In recent years, systems for electronically converting (encoding) document information represented by E-mails and transmitting/receiving the encoded document information are very popular. The received electronic document information is normally accumulated in a magnetic recording medium or the like and can be partially cited.

Documents are generally classified into those having contents that can be accessed by only authorized parties and those having contents that can be accessed by indefinite parties. For example, the former documents correspond to electronic document information having contents associated with confidentiality of individual business enterprises and personal privacy. The latter documents correspond to electronic document information having contents that a business enterprise, a person, or a public organization intends to inform the third party of events and information. The electronic document information of the former document can be encrypted and kept secret from a person who does not have a decryption key. The electronic document information of the latter document is a free access plaintext.

The contents of the electronic document information of the latter document may be illicitly altered because this information is normally a plaintext. In particular, public information (electronic information) is often the target for a grapevine or information alteration. If such an illicit act happens, the social influence becomes serious.

To verify that the contents of an electronic document are not altered, electronic signature data is added to the electronic document, as needed. This electronic signature data verifies that "an electronic document with the electronic signature is indeed drafted by a public organization and is not illicitly altered information or a grapevine".

The principle of an electronic signature will be described by taking an E-mail as an example.

FIG. 19 shows a conventional processing flow of an E-mail to which an electronic signature is applied.

(1) When sending a data text to a receiver, the transmitting side compresses the data text to generate a digest (compressed text), encrypts the digest with the secret key of the transmitting side to generate data (compressed encrypted text) called a digital signature, adds the digital signature to the data text, and transmits the resultant data.

(2) The receiving side uses a public key corresponding to the secret key of the transmitting side to decrypt the digital signature data added to the data text, thereby obtaining the original digest data. At the same time, the receiving side compresses the received data text to generate digest data. The receiving side then compares these two digest data and can determine whether the data text is correct.

As described above, the electronic signature has (1) a message verification function of guaranteeing that information is not altered and is correct as original information, and (2) an entity verification function of guaranteeing that an entity A (e.g., person A) engaged in actions such as generation, transmission, processing, storage, and determination of information is actually the entity A.

More specifically, assume that some problem is posed between the entity A and an entity B on information written by the entity A. In this case, the electronic signature has (1) a function of […] the B side to verify that indeed the sender of the message at issue is A, and the entity B can submit an evidence which explicitly indicates this fact and (2) a function of inhibiting B from drafting a counterfeit message and asserting that the "sender of this message is A".

The signature data generation sequence on the transmitting side will be described in detail with reference to FIG. […]

A whole text 1001 is converted into a compressed text, i.e., a digest 1003 by conversion processing using a hash function 1002.

The hash function is a one-way function for converting digital data having an arbitrary length into digital data having a fixed length. According to the characteristic features of the hash function, it is difficult to estimate the original data from the converted data, and the converted data […] random number. By these features, long […] encryption. When the fixed-length digital data, i.e., the message digest generated by the hash function is encrypted, an effect equivalent to […] functions […] MD5 (reference: RFC 1321, The MD5 Message-Digest Algorithm).

The digest 1003 is encrypted using information known to only a user himself as a key 1004. A key used here is a secret key of asymmetric key encryption scheme. In particular, […] A signature 1005 generated as described above is transmitted together with the text (1006 in FIG. 19) and verified on a receiving side.

The RSA scheme will be briefly described.

The RSA is a system devised by R. L. Rivest, A. Shamir, and L. Adleman. This technique depends on modulo exponentiation. A parameter pair consisting of a public exponent and an arithmetic modulo are defined as a public key, whereas a parameter pair consisting of a secret exponent and an arithmetic modulo are defined as a secret key. This asymmetric algorithm uses the following symbols and abbreviations […]

n: arithmetic modulo
e: public exponent
d: secret exponent
p, q: prime number; product of prime numbers p and q is arithmetic modulo (n)
lcm: least common multiple
mod n: arithmetic modulo n

and uses the exponential functions for transferring a data block:

$Y = X^e \bmod n$ (where $0 \le X < n$)
$X = Y^d \bmod n$ (where $0 \le Y < n$)

For example, these functions are satisfied by the following solutions:

$ed \bmod \operatorname{lcm}(p-1, q-1) = 1$ or
$ed \bmod (p-1)(q-1) = 1$

In order to validate this processing, the data block must be interpreted as an integer.

In this case, (e, n) is disclosed to the public, and d is the secret key. The digest is encrypted using the secret key d in
the signature. Anyone can generate a digest, but it is very difficult to derive the secret key d from the disclosed (e, n). For this reason, in fact, only the user himself who knows the secret key d can affix the signature. However, since (e, n) is disclosed to the public and these parameters satisfy the above predetermined calculation expressions, anyone can decrypt the encrypted signature and verify the signature.

The signature verification sequence on the receiving side will be described in detail with reference to FIG. 21.

The receiving side generates digest 1 (1011 in FIG. 21) from a predetermined hash function 1002 from the text of a received message 1006 with a signature. By using an RSA public key 1010, the receiving side decrypts the signature added to the text to generate digest 2 (1012 in FIG. 21) as a compressed text generated by the writer of the text. Digests 1 and 2 are compared with each other (1013). If digest 1 coincides with digest 2, the text is a message drafted by the person who appended the signature (1014); otherwise it is possible to detect a wrong signature or alteration of the […]

The electronic signature can prevent alteration of documents, and reliability of the contents of documents can be maintained.

Various problems are posed by the conventional electronic signature method described above.

The first problem is experienced when part of an E-mail text is cited and the cited portion is transmitted.

More specifically, according to the conventional electronic signature method, an electronic signature is added to a whole text. When a given block of the text is cited, the electronic signature is of no use for the cited block. That is, one often wants to cite a paragraph as a block of an E-mail text, which has a meaning by itself and is verifiable not to have been altered. Even in this case, an electronic signature of the writer cannot be added to the given paragraph according to the conventional method. For example, when only the given paragraph is cited and transferred to a third party, the third party cannot verify the source of the given paragraph.

More specifically, as shown in FIG. 22, assume that an electronic signature X is added to a message consisting of messages 1, 2, and 3 written by the entity A, and the resultant data is transferred to the entity B. Thereafter, the entity B cites only message 2 from the message written by the entity A and writes a message consisting of messages a, 2, and b, adds an electronic signature Y to them, and sends the resultant data to an entity C (it is assumed that the message a describes that the writer of message 2 is A). In this case, the entity C cannot verify whether the writer of message 2 is A as the entity B maintains.

In order to avoid the above inconvenience, in the above detailed example, to allow the entity B to transfer only message 2 to the entity C, the entire message consisting of messages 1, 2, and 3, and its electronic signature must be transferred, resulting in inconvenience.

The second problem is posed when an E-mail text is edited and transferred.

More specifically, assume that the whole message is cited. In this case, when editing involving no character printing is performed, i.e., when a line return or a blank (space) is entered amidst the document, the conventional electronic signature mechanism detects that the document has been altered, although the meaning of the document has not been changed. Under these circumstances, it is very useful detecting that the document is not altered when the meaning of the document has not been changed.

The third problem is posed when a document is intentionally altered.

A person who intends to alter a document devises the altering method so that the message digest of the altered document matches the message digest before alteration. For this purpose, for example, an unprintable character can be used.

More specifically, if several unprintable characters are inserted in this document in altering a document, it may be possible to generate the same message digest as in the document before alteration, although the meaning of the document is altered.

For example, the "fee is 10,000 yen." is altered to the "fee is 100,000 yen." When this altered document is converted by a hash function to generate a digest, the digest does not coincide with that of the digest of the document before alteration, thereby detecting alteration. To the contrary, when an unprintable character such as a space (_) is inserted […] document to obtain the "fee is 100,000 yen." […] with the original digest can be found. In this case, the system determines that no alteration is made. Since the space is not printed, alteration cannot be found upon visual observation.

Conventionally, on the receiving side of a document added with an electronic signature, no clue has been given to the possibility of the above alteration or reliability of the document.

BRIEF SUMMARY OF THE INVENTION

It is, therefore, the first object of the present invention to provide an electronic signature addition method and an electronic signature apparatus, capable of verifying a given message of an electronic document with an electronic signature even if the given message is cited from the electronic document.

It is the second object of the present invention to provide an electronic signature addition method and an electronic signature apparatus, capable of processing a document as a nonaltered document when a control character such as a space or a line return which is not associated with the meaning of a document with an electronic signature is inserted, i.e., when the meaning itself of the document is not changed.

It is the third object of the present invention to provide an electronic signature verification method capable of estimating an alteration possibility and informing a receiver of an alarm by providing an algorithm for preventing reliability of an electronic signature from degrading due to insertion of an unprintable character in a text.

In order to achieve the above objects, according to the first aspect of the present invention, there is provided a method of adding an electronic signature to document data, comprising the steps of:

dividing the document data into a plurality of divided document data using as a delimiter a predetermined character appearing in a document represented by the document data;

generating an electronic signature for each of the divided document data on the basis of the divided document data; and

storing the divided document data, the electronic signature based on the divided document data, and information for associating the divided document data with the electronic signature.

With this arrangement, since the validity of the document can be determined in units of divided document data, even if each divided document data is cited together with an electronic signature, the validity of the cited portion can be determined.
According to the second aspect, there is provided a method of adding an electronic signature to document data, comprising the steps of:

storing the document data upon excluding a predetermined character appearing in a document represented by the document data;

generating an electronic signature on the basis of the document data from which the predetermined character is excluded; and

storing the document data from which the predetermined character is not excluded, the electronic signature, and information for associating the electronic signature with the document data from which the predetermined character is not excluded.

With the above arrangement, when a control character such as a space or a line return which is not associated with the meaning of a document with an electronic signature is inserted in the document by setting a specific character, i.e., when the meaning itself of the document is not changed, the document is determined not to have been altered.

In addition, with the above arrangement, use of an unprintable character in altered document data to obtain validity using an electronic signature can be prevented.

According to the third aspect, there is provided a method of evaluating reliability associated with alteration of document data with an electronic signature, comprising the steps of:

obtaining a total number of printable characters in the document data and a total number of unprintable characters in the document data; and

evaluating reliability on the basis of the total numbers of printable and unprintable characters.

With the above arrangement, the reliability of the electronic signature can be calculated to allow evaluation of the alteration possibility on the basis of the total numbers of printable and unprintable characters.

Additional objects and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objects and advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the appended claims.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING

The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate presently preferred embodiments of the invention, and together with the general description given above and the detailed description of the preferred embodiments given below, serve to explain the principles of the invention.

FIG. 1 is a block diagram showing the arrangement of an electronic signature adding apparatus according to the first embodiment of the present invention;

FIG. 2 is a flow chart showing a signature adding processing sequence of the first embodiment;

FIG. 3 is a flow chart showing a signature message generation processing sequence in a delimiter character detector;

FIG. 4 is a view showing an example of a message with electronic signatures;

FIG. 5 is a block diagram showing the arrangement of an electronic signature verification apparatus according to the first embodiment;

FIG. 6 is a flow chart showing a signature verification processing sequence according to the first embodiment;

FIG. 7 is a flow chart showing another signature verification processing sequence according to the first embodiment;

FIG. 8 is a block diagram showing the arrangement of an electronic signature adding apparatus according to the second embodiment of the present invention;

FIG. 9 is a flow chart showing a signature adding processing sequence of the second embodiment;

FIG. 10 is a flow chart showing a processed signature message generation processing sequence in a delimiter character detector;

FIG. 11 is a table showing unprintable characters in ASCII codes;

FIG. 12 is a block diagram showing the arrangement of an electronic signature verification apparatus according to the second embodiment;

FIG. 13 is a flow chart showing a signature verification processing sequence according to the second embodiment;

FIG. 14 is a flow chart showing another signature verification processing sequence according to the second embodiment;

FIG. 15 is a table showing the calculation result of the maximum number of unprintable characters assumed to allow alteration with a probability of 1/10,000 or less by using the number of characters of a document (number of valid characters) and the bit length of a digest as parameters;

FIG. 16 is a view showing a signature reliability degree calculation program;

FIG. 17 is a block diagram showing the arrangement of a reliability evaluation apparatus according to the third embodiment of the present invention;

FIG. 18 is a flow chart showing a reliability evaluation processing sequence of the third embodiment;

FIG. 19 is a […] for explaining a conventional electronic signature mechanism;

FIG. 20 is a flow chart for explaining a conventional electronic signature addition method;

FIG. 21 is a flow chart for explaining a conventional electronic signature verification method; and

FIG. 22 is a view for explaining partial document citation […] conventional electronic signature.

DETAILED DESCRIPTION OF THE INVENTION

The preferred embodiments of the present invention will be described with reference to the accompanying drawing.

An embodiment of the present invention comprises an electronic signature addition system for adding an electronic signature to communication data such as an E-mail and an electronic signature verification system for verifying the electronic signature contained in the received communication data. These systems are normally installed in a terminal device for transmitting electronic data, a reception terminal device for receiving the electronic data, and a communication medium for connecting the transmission and reception terminal devices.

The communication medium is typically a computer network, but may be a portable information recording medium such as a floppy disk or a CD-ROM. Alternatively, the medium itself may function as an electronic signature addition system or electronic signature verification system,
i.e., a computer device such as an IC card including a radio communication unit, a processing unit, and a storage unit.

First Embodiment

The first embodiment of the present invention will be sequentially described with reference to an electronic signature addition system and an electronic signature verification system in the order named.

The electronic signature addition system will be described.

FIG. 1 is a block diagram showing the arrangement of this system. Although not shown, this system is implemented by necessary peripheral devices such as a memory in addition to a CPU.

The system is installed in, e.g., a transmitting terminal device, and comprises a delimiter character detector 2, a digest generator 4, an encrypter 8, a secret key memory 10, and a signature-added message generator 12.

A data text in FIG. 1 is, e.g., the whole text of an E-mail, i.e., a whole text added with a signature. The data text is typically a document constituted by a plurality of message or paragraphs.

The delimiter character detector 2 has a function of detecting a predetermined delimiter character from the data text and dividing the data text into signature message each having a delimiter character at the end of the message and an appropriate length (see step S11 in FIG. 2).

The delimiter character to be detected can be defined as an arbitrary position symbol or a plurality of characters. For example, a period "." can be used. Alternatively, an end-of-message character "ASCII: nl=0A (hex)" and an end-of-paragraph character "ASCII: cr=0D (hex)" may be used. In addition to the period ".", a plurality of delimiter characters such as a comma ",", a closing bracket "]", a closing brace "}", a closing parenthesis ")", the end-of-message character "ASCII: nl=0A (hex)", and the end-of-paragraph character "ASCII: cr=0D (hex)" can be used as detection targets, as needed. Various other delimiter characters can be defined.

As shown in FIG. 1, the delimiter character detector 2 has a delimiter character list 14. The defined delimiter characters are stored in this delimiter character list 14 in advance.

FIG. 3 shows a processing sequence of this delimiter character detector 2. The detector 2 extracts the first character from the data text and stores it in a buffer (not shown) (step S21). It is then determined whether the character stored in the buffer is a predetermined delimiter character registered in the delimiter character list 14 (step S22). If NO in step S22, the next character is extracted from the data text and stored in the buffer, and the above operations are repeated. Several characters from the start of a document are rarely delimiter characters (comma "," or period "."). Therefore, the above processing is repeated for a plurality of characters.

When it is determined in step S22 that the character stored in the buffer is a delimiter character (e.g., extraction reaches a comma "," or period "."), a character string including this delimiter character in the buffer is obtained as one "signature message". The signature message is output from the buffer (step S23), and then the buffer is cleared.

In this case, the delimiter character detector 2 adds divided document information to the signature message (step S24). This divided message information represents a sequence number representing the serial number of the signature message from the beginning, signer information (signer ID), a document name (document ID), and the like. The divided document information is interposed between, e.g., "##SN=" and "##" and inserted before or after the signature message.

As shown in FIG. 1, the digest generator 4 applies a hash function 6 to this signature message (containing the divided document information) to generate a message digest (step […]). […] used in this conversion are predetermined. In this embodiment, "MD5" is used as the hash function 6, and the bit length of the digest is 128 bits. When SHA is used as the hash function, the bit length of the digest becomes 160 bits. Any other algorithm may be used as a hash algorithm. Note that a hash function used in conversion may be set selectable, and information representing a hash function (or the hash function and the bit length of the digest) used in practice may be added to a signature-added message.

The encrypter 8 encrypts the digest using the self secret key stored in the secret key memory 10 (step S13 in FIG. 2). The digest thus encrypted is used as an electronic signature. The RSA scheme is used as an encryption scheme.

The above secret key must be kept secret against others. For example, an IC card may be used as the secret key […] recorded on the IC card […] card reader (not shown) […] necessary, and the secret key read by the IC card reader is transferred to the encrypter 8. Alternatively, a plurality of secret keys may be prepared depending on destinations.

The signature-added message generator 12 adds the electronic signature thus obtained to the signature message (step S14). In this embodiment, the electronic signature is inserted after the signature message to generate a signature-added message. An electronic signature may be inserted before each signature message, or all the electronic signatures may be inserted altogether before the entire document.

The above processing is repeatedly executed until the data text reaches the last character or sentence (step S15). More specifically, it is determined in step S15 whether the current signature message is the last sentence of the data text. If NO in step S15, the flow returns to processing of the delimiter character detector 2 in the delimiter detection step S11. Processing in step S11 to S14 is repeated until the end of the data text.

As a result of this processing, for example, a message with electronic signatures shown in FIG. 4 is obtained. The electronic signatures are inserted after the signature message (divided messages), so that the signatures are inserted at proper intervals in the data text.

Information indicating electronic signature data is preferably contained in the electronic signature. For example, data obtained by interposing an electronic signature body (data obtained by encrypting a digest) between "##Signature=" and "##" can be used.

Each electronic signature must contain information associated with an original document, information associated with division, signer information, and a signature method so as not to lose validity even if each signature message (divided message) is used in other E-mails. The format of this electronic signature is constituted in, e.g., the following table.
TABLE 1: Format of Electronic Signature

First field      1 byte            Version number
Second field     1 byte            Length up to seventh field
Third field      1 byte            Signature type
Fourth field     4 bytes           Date of signature
Fifth field      0/2 bytes         Valid signature period
Sixth field      32 bytes          Divided document information (signer ID, document name, document serial number)
Seventh field    8 bytes           Key ID
Eighth field     1 byte            Public key encryption scheme
Ninth field      1 byte            Hash function scheme
10th field       2 bytes           First two bytes of message digest
11th field       variable length   Electronic signature body (encrypted message digest)



The format of the electronic signature comprises the first to 10th fields serving as an electronic signature header, and the 11th field for storing the electronic signature body. The first field is used for the version number of the signature format. The second field represents the length up to the seventh field. The third field represents the type of signature. The fourth field is used for the date of signature. The fifth field stores the valid date of signature, but the valid date may not be set.

The sixth field records a divided document message. This divided message has signer information (signer name and ID), a document name, a divided document serial number, and the like. The information stored in the sixth field includes all or part of the divided document information inserted in the signature message in step S24 of FIG. 3.

A key ID is stored in the seventh field. By using this key ID and the signer, a public key to be used by a receiver can be specified. A public key encrypting scheme used can be specified by the eighth field.

Information for specifying a hash function (e.g., MD5) used to generate a message digest is stored in the ninth field. The first 2-byte information of the message digest is stored in the 10th field and is used to check the signature.

The 11th field stores the electronic signature body, i.e., data obtained such that data obtained by adding information (divided document information) contained in the sixth field to the signature message is converted by the hash function, and the result is encrypted using the secret key.

The electronic signature verification system of this embodiment will be described.

This system is installed in the reception terminal. FIG. 5 is a block diagram showing the arrangement of this system. FIG. 6 is a flow chart showing a signature verification processing sequence in this electronic signature verification apparatus.

As shown in FIG. 5, this electronic signature verification system comprises a signature divider 22, a digest generator 24, a decrypter 28, a public key memory 30, and a comparator 32.

A "signature-added message" is a document added with an electronic signature for each divided message by the above-mentioned electronic signature addition system, as shown in FIG. 4.

The signature divider 22 extracts a set of signature message and electronic signature from the signature-added message (step S31), as shown in FIG. 6.

Several methods may be proposed for the above extrac- 
tion. One method is lo extract a signature message using the 
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same process as used by the delimiter character detector 2 
upon adding an electronic signature and at the same time 
extracting an electronic signature having a predetermined bit 
length and added to a position before or after the signature 

5 message. Another method is to detect a label consisting of ^ 
"##Signature=" and and easily extract each set of 

signature message and electronic signature when the label is 
added to part of the electronic signature as described above. 
Still another method is to detect a label consisting of 
"##SN=" and and easily extract each set of signahirc 
message and electronic signature when divided document 
information sandwiched by this label is added to each 
signamre message. 

The decrypter 28 shown in FIG. 5 decrypts the electronic 
signature using a public key of public key decryption 
scheme stored in the public key memory 30, thereby obtain- 
ing a digest (this wiU be defined as digest #1) (step S32). 

The public key here corresponds to the secret key used by 
the cncryptcr 8 in adding the electronic signature. In this 
embodiment, this public key is distributed to the receiver in 

20 advance and prcslorcd in correspondence with the signer 
information (signer ID) and the key ID inchided in the 
electronic signamre header (Table 1). The decrypter 28 can 
obtain the public key with reference to the electronic sig- 
nature header. Note that this public key may be stored in a 

25 public key server or public key daubasc. 

The digest generator 24 shown in FIG. 5 checks the 
electronic signature header to specify the same hash function 
as used by the digest generator 4 in adding the electronic 
signature, and applies the specified hash function to the
extracted signature message. Therefore, a digest (this will be
defined as digest #2) for this signature message is generated 
(step S33). 

The digest #1 generation process by the decrypter 28 and 
the digest #2 generation process by the digest generator 24
may be sequentially or simultaneously performed.

The comparator 32 compares digest #1 with digest #2
(step S34 in FIG. 6). If these digests coincide with each
other, the corresponding signature message is found not to
have been altered. Verification result information for this
signature message is defined as valid information (e.g., 1)
(step S35). If these digests, however, do not coincide with
each other, alteration of this signature message is detected.
Verification result information of this signature message is
defined as invalid information (e.g., 0) (step S36). For
example, the verification result information may be added
immediately before or after the corresponding electronic
signature. Alternatively, when a sequence number sandwiched
by the label consisting of "##SN=" and "##" is
added to each signature message, a pair of sequence number
and verification result information may be recorded.

The above processing is repeatedly performed until the 
end of document is detected in step S37 in FIG. 6. 

FIG. 7 is a flow chart showing another signature verification
processing sequence of the electronic signature verification
system. This sequence invalidates a whole document
if at least one altered signature message is present in
the document.

In this case, the comparison in steps S31 to S34 and the
detection of the end of document in step S37 are identical to
those in FIG. 6. In the sequence of FIG. 7, however, when
no coincidence is established in the comparison in step S34,
nothing is recorded. When no coincidence is established in
the comparison of step S34, the processing ends immediately
by abnormal termination. When the end of document
is detected in step S37 and no alteration is detected in any of
the signature messages, the processing ends by normal
termination.

When each terminal is capable of both data transmission
and data reception, both the electronic signature addition
system function and the electronic signature verification
system function can be added to a computer. In this case, the
constituent components of the delimiter character detector 2
and the divider 22 can be shared.

As described above, according to this embodiment, an 
electronic signature is added for each signature message 
(divided message). Even if an electronic document such as 
an E-mail is partially extracted and cited, alteration or the 
like of the cited portion can be verified. 

Control characters are preferably added to the divided
document information and electronic signature (signature
header and signature body) of the signature message so as
not to display them on a monitor or print them.

Second Embodiment 

The second embodiment of the present invention will be 
described below.

In addition to the functions of the first embodiment, the
second embodiment has a function of, when the meaning of
a document is not changed, but the structure of the document
is changed, processing this document as a non-altered
document. The same reference numerals as in the first
embodiment denote the same parts in the second embodiment, and
a detailed description thereof will be omitted.

An electronic signature addition system will be described
first. 

FIG. 8 is a block diagram showing the arrangement of this
system, and FIG. 9 is a flow chart showing a signature 
addition processing sequence. 

As shown in FIG. 8, the electronic signature addition
system comprises a delimiter/unprintable character detector
40, a digest generator 4, a decrypter 8, a secret key memory
10, and a signature-added message generator 12.

A data text in FIG. 8 is a whole text to be added with a 
signature, i.e., a normal document constituted by a plurality 
of sentences or paragraphs. 

The delimiter/unprintable character detector 40 has a
delimiter character detector 2 and an unprintable character 
excluding unit 41. The delimiter character detector 2 has a 
function of detecting a predetermined position or a plurality
of delimiter characters from the data text and breaking up the
data text into signature messages each having a delimiter
character at the end of the message and having an appro- 
priate length as in the first embodiment. The unprintable 
character excluding unit 41 has a function of excluding a 
predetermined unprintable character from a signature mes- 
sage (step S43 in FIG. 9). 

The delimiter character to be detected can be defined as a 
predetermined position or a plurality of characters as in the 
first embodiment, and a detailed description thereof will be 
omitted. Such delimiter characters are stored in a delimiter 
character list 14 in advance. 

An unprintable character is a character which is not 
printed, such as a space, tab, or line return. For example, 
such unprintable characters are enclosed within the range 
indicated by the thick line in the ASCII code table in FIG.
11. These unprintable characters are stored in an unprintable
character list 42 (FIG. 8) in advance.

Processing in the delimiter/unprintable character detector 
40 is shown in FIG. 10. 

The detector 40 extracts the first character from the data
text (step S44). It is then determined whether the extracted
character is a predetermined unprintable character registered
in the unprintable character list 42 (step S45). When the
extracted character is not an unprintable character, i.e., when
the extracted character is a printable character, it is
determined whether the extracted character is a predetermined
delimiter character registered in the delimiter character list
14 (step S46). If the extracted character is not a delimiter
character, the extracted character is stored in a buffer (step
S47). The next character is extracted from the data text, and
processing (S44 to S46) is repeated. When the extracted
character is a predetermined delimiter character, the stored
character string is extracted as a signature message (divided
message) as in the first embodiment, and the buffer is cleared
(step S48).

If it is determined in step S45 that the extracted character
is an unprintable character, the extracted character is not
stored in the buffer. The next character is extracted from the
data text, and processing (S44 and S45) is repeated. That is,
unprintable characters contained in the data text are
excluded in step S45, and only printable characters are sent
to step S46.

The signature message, i.e., the divided message obtained
in this embodiment is data from which unprintable characters
are excluded, unlike the signature message or divided
message in the first embodiment.

The delimiter character determination (step S46) and the
unprintable character determination (step S45) may be
performed in an order reverse to that in FIG. 10, or may be
separately performed. In the latter case, two buffers must be
used.

The delimiter/unprintable character detector 40 detects a
delimiter character, but may detect a delimiter character
string. For example, a period or a line return which singly
appears is not detected as a message delimiter. Instead, when
a period "." and a line return consecutively appear, a
message delimiter may be determined.

As shown in FIG. 10, this delimiter/unprintable character
detector 40 also adds divided document information to a
signature message (step S49). This divided document
information is information corresponding to the sixth field in
Table 1 previously described and also includes unprintable
character exclusion information in addition to the
information of the first embodiment.

Step S43 in FIG. 9 becomes complete by the above
processing. 

As in the first embodiment, a digest is generated from a 
signature message (data from which unprintable characters 
are excluded and to which divided document information is 
added) in step S51. In step S52, the digest is encrypted using
a secret key to generate an electronic signature. In step S53, 
this electronic signature is added as the 11th field to the 
signature message together with the electronic signature 
header (first to 10th fields) described using Table 1. 

This operation makes it possible to generate a pair of 
signature message (divided message) and electronic signa- 
ture. This processing is repeated until the end of data text is 
determined (step S54). As a result, signature-added message
as in FIG. 4 can be obtained. 

An electronic signature verification system of this 
embodiment will be described below. 

FIG. 12 shows the arrangement of this system, and FIG. 
13 is a flow chart showing the processing of the system. 

The electronic signature verification system of this
embodiment is substantially the same as that of the first
embodiment except that the system of the second embodiment
comprises an unprintable character excluding unit 55, as shown
in FIG. 12. The same reference numerals as in the first
embodiment denote the same parts, and a detailed description
thereof will be omitted. The same processing steps as in the
first embodiment in the processing steps of FIG. 13 denote the
same operations, and a detailed description thereof will be
omitted.

The unprintable character excluding unit 55 excludes
predetermined unprintable characters from a signature message
using the same unprintable list 42 as used in the
electronic signature addition system of the first embodiment
(step S56 in FIG. 13). In this case, it is preferable to detect
that unprintable characters have been excluded from the
signature message with reference to unprintable character
exclusion information contained in the divided document
information (corresponding to the sixth field of Table 1).

The digest generator 24 generates a digest (this will be 
defined as digest #2) for the generated processed signature 
message in accordance with the same hash function 6 as in 
the electronic signature addition system (FIG. 6) (step S33). 

The digest #1 generation processing by the decrypter 28 
and the digest #2 generation processing by the unprintable 
character excluding unit 23 and the digest generator 24 may 
be performed in this order or reversed order, or
simultaneously.

A comparator 32 compares digest #1 with digest #2 (step
S34 in FIG. 13). If digest #1 coincides with digest #2, the
signature message is found not to have been altered. The
verification result information of this signature message is
set as valid information (e.g., 1) (step S35). If these digests,
however, do not coincide with each other, alteration of this
signature message is detected. Verification result information
of this signature message is defined as invalid information
(e.g., 0) (step S36). For example, the verification result
information may be added immediately before or after the
corresponding electronic signature. Alternatively, when a
sequence number sandwiched by the label consisting of
"##SN=" and "##" is added to each signature message, a
pair of sequence number and verification result information
may be recorded.

The above processing is repeatedly performed until the
end of document is detected in step S37 in FIG. 6. 

FIG. 14 is a flow chart showing another signature veri- 
fication processing sequence of the electronic signature 
verification system. This sequence invalidates a whole docu- 
ment if at least one altered signature message is present in 
the document, as in the case described with reference to FIG. 
7 in the first embodiment. This sequence has been described 
in the first embodiment, and a detailed description thereof
will be omitted. 

In the second embodiment as well, one terminal can have
the electronic signature addition system function and the
electronic signature verification system function. In this
case, the constituent components of the delimiter character
detector, the unprintable character excluding unit, the digest
generator, and the hash function can be shared.

According to the second embodiment, the same effect as
in the first embodiment can be obtained. In addition, the 
following effects are also obtained. 

More specifically, in the second embodiment, even if a
person who has received an E-mail inserts, in good faith, a
control character (e.g., a space or line return) not associated
with the meaning of the document and transmits the resultant
document to a third party, the unprintable characters can
be excluded to determine a valid document. The document
can be handled as a non-altered document.

According to this embodiment, even if a person who has
received an E-mail deliberately alters the document
(changes the meaning of the document) and adds several
unprintable characters in the altered document to allow
generation of the same message digest, these unprintable
characters are excluded to determine an invalid document.
Therefore, alteration of the document can be detected.

In the second embodiment, the document is divided into 
predetermined paragraphs as in the first embodiment. 
However, such division need not be performed, and unprint- 
able characters may be excluded from the entire data text. In 
the second embodiment, for example, this system can be 
easily arranged by omitting a constituent portion for detect- 
ing a delimiter character to generate a signature message, 
i.e., a constituent portion for dividing the data text in units
of signature message. That is, on the electronic signature 
addition system side, a predetermined unprintable character 
is deleted from the data text to generate a digest, the digest 
is encrypted, and the resultant electronic signature is added 
to the data text. On the other hand, on the electronic 
signature verification system side, the predetermined 
unprintable character is deleted from the received data text 
to generate digest #1, the electronic signature added to the 
data text is decrypted to generate digest #2, and digest #1 is 
compared with digest #2. 
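
An added sketch of the second embodiment's signing and verification flow (not code from the patent): unprintable characters are excluded before hashing, and verification reports either a per-message result or a whole-document failure. The character lists, the truncated SHA-256 digest, the toy RSA key and all function names are assumptions made for the example.

```python
import hashlib

# Constructed stand-ins for the delimiter character list 14 and the
# unprintable character list 42 (the patent's own lists are in its figures).
DELIMITERS = {"."}
UNPRINTABLE = {" ", "\t", "\r", "\n"}

# Toy RSA key pair built from two known Mersenne primes. Illustration only:
# no padding, far too small, and the private exponent sits in the source.
_P, _Q = 2**127 - 1, 2**89 - 1
N, E = _P * _Q, 65537
D = pow(E, -1, (_P - 1) * (_Q - 1))

# Constructed sample document.
SAMPLE = "Pay Bob 100 dollars.\nShip the goods on Friday.\n"


def exclude_unprintable(message):
    """Excluding unit 41 / 55: keep only characters not on the unprintable list."""
    return "".join(ch for ch in message if ch not in UNPRINTABLE)


def split_messages(text):
    """Delimiter detector 2: each signature message ends with its delimiter."""
    messages, buf = [], []
    for ch in text:
        buf.append(ch)
        if ch in DELIMITERS:
            messages.append("".join(buf))
            buf = []
    if exclude_unprintable("".join(buf)):    # trailing text with no delimiter
        messages.append("".join(buf))
    return messages


def digest(message):
    """128-bit digest taken after unprintable characters are excluded."""
    data = exclude_unprintable(message).encode("utf-8")
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def sign_document(text):
    """Addition side: one (signature message, electronic signature) pair each."""
    return [(msg, pow(digest(msg), D, N)) for msg in split_messages(text)]


def verify_each(pairs):
    """FIG. 13 style: record 1 (valid) or 0 (invalid) per signature message."""
    results = []
    for msg, signature in pairs:
        digest_1 = pow(signature, E, N)      # decrypt with the public key
        digest_2 = digest(msg)               # exclude unprintables, then hash
        results.append(1 if digest_1 == digest_2 else 0)
    return results


def verify_all(pairs):
    """FIG. 14 style: stop with failure at the first altered message."""
    for msg, signature in pairs:
        if pow(signature, E, N) != digest(msg):
            return False
    return True


if __name__ == "__main__":
    signed = sign_document(SAMPLE)
    # A forwarder re-wraps the first message; only whitespace changes.
    reflowed = [(signed[0][0].replace(" ", " \n\t"), signed[0][1]), signed[1]]
    # A forwarder changes the amount in the first message.
    altered = [(signed[0][0].replace("100", "900"), signed[0][1]), signed[1]]
    print(verify_each(reflowed), verify_each(altered), verify_all(altered))
```

Because the space is on the unprintable list, as it is on the page, texts that differ only in where words break (`now here.` and `nowhere.`) canonicalize to the same string and produce the same digest, so a verifier built this way cannot tell them apart.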

Third Embodiment 

The third embodiment of the present invention will be 
described with reference to FIGS. 15 to 18.

As described with reference to the prior art, a person who 
intends to alter a document implements document alteration 
such that the message digest of the altered document coin- 
cides with that of the document before alteration. For this 
purpose, an unprintable character is often used. 

In this embodiment, the total number of printable char- 
acters and the total number of unprintable characters are 
substituted into a predetermined calculation expression to 
obtain a reliability evaluation value, as will be described
below. 

Let m be the number of characters of a document. 

It is possible to insert one unprintable character in this 
document to obtain the same message digest without chang- 
ing the contents of the document. The number of corrupt 
digests is expressed by the product of the types p of 
unprintable characters to be inserted and positions (m+1) 
where the unprintable characters are inserted: 

$$L_1 = p \times (m+1)$$

$L_1$ = (number of digests generated by addition of one
unprintable character)

$p$ = (number of types of unprintable characters)

$m$ = (number of document characters)

When two unprintable characters are to be added, the
number of combinations of two elements is $p^2$, and their
positions can be approximated by the product of insertable
positions (m+1) of the first element and insertable positions
(m+2) of the second element. For this reason, when k
unprintable characters are added, the number $L_k$ of corrupt
digests is given by:

$$L_k = (p^k) \times (m+1) \times (m+2) \times \cdots \times (m+k)$$

$L_k$ = (number of digests generated by adding k unprintable
characters)

$p$ = (number of types of unprintable characters)

$m$ = (number of document characters)

$k$ = (number of unprintable characters)

If the bit length of a message digest is defined as L, the
number of message digests generated by a valid means is
$2^L$. The ratio of the number $L_k$ of corrupt message digests
to the number $2^L$ serves as a reliability index for the
message digest.

$$T = (p^k) \times (m+1) \times (m+2) \times \cdots \times (m+k) / (2^L)$$

$p$ = (number of types of unprintable characters)

$m$ = (number of document characters)

$k$ = (number of unprintable characters)

$L$ = (bit length of message digest)

FIG. 15 shows the calculation result of the maximum
number of unprintable characters alterable with T=0.0001,
i.e., a probability of 1/10,000 by using the number of
document characters (number of valid characters) and the bit
length of the digest. In this case, the number of types of
unprintable characters is 34.

According to the above result, when a 128-bit message
digest is generated for a document having 1,000 (nearly
equal to $2^{10}$) characters, the reliability of the digest is
sufficiently high (alteration probability is 1/10,000 or less),
provided that the number of unprintable characters is 7 or
less. A higher reliability degree is required depending on the
types of documents. However, a desired reliability degree
can be assured by performing similar calculations. A C
language program used in this calculation is shown in FIG.
16.
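
An added example (not the FIG. 16 program, which is not reproduced on this page) that evaluates the reliability value T exactly and recovers the stated limit of 7 unprintable characters for a 128-bit digest and 1,000 document characters. The 34-character unprintable list and the function names are assumptions.

```python
from fractions import Fraction

# Assumed unprintable list: the 32 C0 control codes, space and DEL. That gives
# 34 types, the count the page uses; FIG. 11 itself is not reproduced here.
UNPRINTABLE = {chr(c) for c in range(0x21)} | {chr(0x7F)}
P_TYPES = len(UNPRINTABLE)
THRESHOLD = Fraction(1, 10000)      # T = 0.0001


def corrupt_digests(p, m, k):
    """L_k = p^k * (m+1) * (m+2) * ... * (m+k), as an exact integer."""
    count = p ** k
    for i in range(1, k + 1):
        count *= m + i
    return count


def reliability(p, m, k, digest_bits):
    """T = L_k / 2^L, kept as an exact fraction to avoid float overflow."""
    return Fraction(corrupt_digests(p, m, k), 2 ** digest_bits)


def max_unprintable(p, m, digest_bits, threshold=THRESHOLD):
    """Largest k for which T stays at or below the threshold."""
    k = 0
    while reliability(p, m, k + 1, digest_bits) <= threshold:
        k += 1
    return k


def count_characters(message):
    """Counting loop of the character counter: m printable, k unprintable."""
    k = sum(1 for ch in message if ch in UNPRINTABLE)
    return len(message) - k, k


def evaluate(message, digest_bits=128, threshold=THRESHOLD):
    """Return (T, alarm); alarm is True when T exceeds the threshold."""
    m, k = count_characters(message)
    t = reliability(P_TYPES, m, k, digest_bits)
    return t, t > threshold


if __name__ == "__main__":
    print(max_unprintable(P_TYPES, 1000, 128))
    # Constructed messages: 1,000 printable characters plus 7 or 8 line feeds.
    for extra in (7, 8):
        t, alarm = evaluate("a" * 1000 + "\n" * extra)
        print(extra, float(t), alarm)
```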

FIG. 17 is a block diagram showing the arrangement of a 
reliability evaluation system of this embodiment. FIG. 18 is 
a flow chart showing a reliability evaluation processing 
sequence of this reliability evaluation system. 

The reliability evaluation system is installed in the
reception terminal device. As shown in FIG. 17, the reliability
evaluation system comprises a character counter 60, a
reliability calculation unit 61, and an evaluation unit 62.

The character counter 60 extracts characters one by one 
from one signature message (step S63) to determine whether 
the extracted character is printable (step S64). If YES in step 
S64, one is added to m (step S65); otherwise, one is added 
to k (step S66). Steps S63, S64, and S65 or steps S63, S64, 
and S66 are executed until one signature message is com- 
plete in step S67, thereby counting the number m of print- 
able characters and the number k of unprintable characters. 

The reliability calculation unit 61 calculates the reliability 
in accordance with, e.g., the program shown in FIG. 16 (step
S68). 

The evaluation unit 62 determines whether the resultant 
reliability value is equal to or smaller than a predetermined 
threshold value (0.0001 in this case) (step S69). If the 
reliability value exceeds the threshold value, a message 
representing that the document may have been altered is 
displayed on a display device (not shown) or the like, 
thereby generating an alarm (step S70). 

After this reliability evaluation processing, predetermined 
electronic signature verification processing (e.g., conven- 
tional electronic signature verification in FIG. 21 or elec- 
tronic signature verification of the first embodiment) is 
performed (step S71). 

As described above, according to this embodiment, the 
reliability of the electronic signature is calculated on the 
basis of the total number of printable characters and the total 
number of unprintable characters, thereby evaluating the 
alteration possibility. An alarm or the like can be generated, 
as needed. 

Each apparatus of each embodiment can be arranged by 
hardware, and portions for performing processing operations 
can be arranged by software. In addition, for example, a
program for executing the corresponding processing
sequence may be stored as a program for controlling a
computer in a computer-readable storage medium, the
computer may be made to read out the program from the storage
medium, and the readout program may run on the computer.

The present invention is not limited to the particular 
embodiments described above. Various changes and modi- 
fications may be made within the technical scope of the 
present invention. 

Additional advantages and modifications will readily 
occur to those skilled in the art. Therefore, the invention in
its broader aspects is not limited to the specific details and 
representative embodiments shown and described herein. 
Accordingly, various modifications may be made without 
departing from the spirit or scope of the general inventive 
concept as defined by the appended claims and their equiva- 
lents. 

We claim:

1. A method of adding an electronic signature to document
data, comprising the steps of: 

dividing the document data into a plurality of divided 
document data using as a delimiter a predetermined
character appearing in a document represented by the 
document data; 

generating an electronic signature for each of the divided 
document data on the basis of the divided document 
data; and 

storing the divided document data, the electronic signature
based on the divided document data, and information
for associating the divided document data with the
electronic signature.

2. A method according to claim 1, wherein the informa- 
tion for associating the divided document data with the 
electronic signature contains: 

information about division of document data contained in
the divided document data; and

non-encrypted information about division of document
data contained in the electronic signature.

3. A method according to claim 1, further comprising the
step of excluding from the document data an unprintable 
character appearing in the document data and storing the 
excluded unprintable character. 

4. A method of verifying the electronic signature gener- 
ated by the method of claim 1, comprising the step of, when 
the divided document data added with the electronic signature
is contained in the received document data, determining
the validity of the document for each divided document data 
on the basis of information for associating the divided 
document data with the electronic signature. 

5. A method of adding an electronic signature to document
data, comprising the steps of: 

storing the document data upon excluding a predeter- 
mined character appearing in a document represented 
by the document data; 

generating an electronic signature on the basis of the 
document data from which the predetermined character 
is excluded; and 

storing the document data from which the predetermined 
character is not excluded, the electronic signature, and 
information for associating the electronic signature 
with the document data from which the predetermined 
character is not excluded. 

6. A method according to claim 5, wherein the predeter- 
mined character is an unprintable character. 

7. A method according to claim 5, wherein the information
for associating the electronic signature with the document
data contains information associated with exclusion of
the predetermined character.

8. A method of verifying the electronic signature gener- 
ated by the method of claim 5, comprising the step of 
excluding the predetermined character from the document 
data on the basis of information for associating the elec- 
tronic signature with the document data and determining the 
validity of the document data on the basis of the electronic 
signature and data from which the predetermined character 
is excluded. 

9. A method of evaluating reliability associated with 
alteration of document data with an electronic signature, 
comprising the steps of: 

obtaining a total number of printable characters in the 
document data and a total number of unprintable char- 
acters in the document data; and 

evaluating reliability on the basis of the total numbers of 
printable and unprintable characters. 

10. A method according to claim 9, wherein the step of 
evaluating reliability comprises 

calculating a reliability value T by: 

$$T = (p^k) \times (m+1) \times (m+2) \times \cdots \times (m+k) / (2^L)$$

where p is the number of types of unprintable characters, 
m is the number of document characters, k is the 
number of printable characters, and L is the bit length 
of a message digest, and 

evaluating reliability of the signature information by 
comparing the obtained reliability value T and a pre- 
determined threshold value. 

11. An apparatus for adding an electronic signature to 
document data, comprising: 

input means for the document data; 

means for dividing the input document data into a plu- 
rality of divided document data using as a delimiter a 
predetermined character appearing in a document rep- 
resented by the document data; 

means for generating an electronic signature based on the 
divided document data for each divided document data; 
and 

means for outputting the divided document data, the
electronic signature based on the divided document
data, and information for associating the divided docu- 
ment data with the electronic signature. 

12. An apparatus according to claim 11, further compris- 
ing means for making the information for associating the 
divided document data with the electronic signature contain 
information about division of document data contained in 
the divided document data, and non-encrypted information 
about division of document data contained in the electronic 
signature. 

13. An apparatus according to claim 11, further compris- 
ing means for excluding from the document data an unprint- 
able character appearing in the document data and storing 
the excluded unprintable character. 

14. An apparatus for verifying the electronic signature 
generated by the apparatus of claim 1, comprising means for, 
when the divided document data added with the electronic 
signature is contained in the received document data, deter- 
mining the validity of the document for each divided docu- 
ment data on the basis of information for associating the 
divided document data with the electronic signature. 

15. An apparatus for adding an electronic signature to 
document data, comprising: 

input means for the document data; 



means for storing the document data upon excluding a
predetermined character appearing in a document
represented by the document data;

means for generating an electronic signature on the basis
of the document data from which the predetermined
character is excluded; and

means for storing the document data from which the
predetermined character is not excluded, the electronic
signature, and information for associating the electronic
signature with the document data from which the
predetermined character is not excluded.

16. An apparatus according to claim 15, wherein the 
predetermined character is an unprintable character. 

17. An apparatus according to claim 15, further compris- 
ing means for making the information for associating the 
electronic signature with the document data contain infor- 
mation about exclusion of the predetermined character. 

18. An apparatus for verifying the electronic signature 
generated by the apparatus of claim 15, comprising means 
for excluding the predetermined character from the docu- 
ment data on the basis of the information for associating the 
electronic signature with the document data and determining 
the validity of the document data on the basis of the 
electronic signature and data from which the predetermined
character is excluded. 

19. An apparatus for evaluating reliability associated with 
alteration of document data with an electronic signature, 
comprising: 

means for obtaining a total number of printable characters 
in the document data and a total number of unprintable 
characters in the document data; and 

means for evaluating reliability on the basis of the total 
numbers of printable and unprintable characters. 

20. An apparatus according to claim 19, wherein said 
means for evaluating reliability 

calculates a reliability value T by: 

$$T = (p^k) \times (m+1) \times (m+2) \times \cdots \times (m+k) / (2^L)$$

where p is the number of types of unprintable characters, 
m is the number of document characters, k is the 
number of printable characters, and L is the bit length 
of a message digest, and 

evaluates reliability of the signature information by com- 
paring the obtained reliability value T and a predeter- 
mined threshold value. 

21. A computer program product for causing a computer 
system to execute processing for adding an electronic sig- 
nature to document data, comprising: 

a recording medium; 

means for supplying to said computer system an instruc- 
tion recorded on said recording medium to divide the 
document data into a plurality of divided document 
data by using as a delimiter a predetermined character 
appearing in a document represented by the document 
data; 

means for supplying to said computer system an instruc- 
tion recorded on said recording medium to generate an 
electronic signature based on the divided document 
data for each divided document data; and 

means for supplying to said computer system an instruc- 
tion recorded on said recording medium to store the 
divided document data, the electronic signature based
on the divided document data, and information for 
associating the divided document data with the electronic
signature.

22. A product according to claim 21, wherein the information
for associating the divided document data with the
electronic signature contains:

information about division of document data contained in
the divided document data; and

non-encrypted information about division of document
data contained in the electronic signature.

23. A product according to claim 21, further comprising 
means for supplying to said computer system an instruction 
recorded on said recording medium to exclude an unprint- 
able character appearing in the document data and storing 
the unprintable character. 

24. A computer program product for causing a computer
system to verify the electronic signature generated in claim 
21, comprising: 

a recording medium; and 

means for, when the divided document data added with
the electronic signature is contained in the received
document data, supplying to said computer system an
instruction recorded on said recording medium to determine
the validity of the document for each divided
document data on the basis of information for associating
the divided document data with the electronic
signature.

25. A computer program product for causing a computer 
system to execute processing for adding an electronic sig- 
nature to document data, comprising: 

a recording medium; 

means for supplying to said computer system an instruction
recorded on said recording medium to exclude a
predetermined character appearing in a document
represented by the document data and store the excluded
predetermined character;

means for supplying to said computer system an instruc- 
tion recorded on said recording medium to generate an 
electronic signature on the basis of the document data 
from which the predetermined character is excluded; 
and 

means for supplying to said computer system an instruction
recorded on said recording medium to store the
document data from which the predetermined character 
is not excluded, the electronic signature, and informa- 
tion for associating the electronic signature with the 
document data from which the predetermined character 
is not excluded. 

26. A product according to claim 25, wherein the prede- 
termined character is an unprintable character. 

27. A product according to claim 25, wherein the infor- 
mation for associating the electronic signature with the 
document data contains information about exclusion of the 
predetermined character. 

28. A computer program product for causing a computer 
system to verify the electronic signature generated by the 
product of claim 25, comprising: 

a recording medium; and 

means for supplying to said computer system an instruc- 
tion recorded on said recording medium to exclude a 
predetermined character from the document data on the 
basis of the information for associating the electronic 
signature with the document data and determine the 
validity of the document on the basis of the electronic 
signature and data from which the predetermined char- 
acter is excluded. 

29. A computer program product for causing a computer 
system to evaluate reliability associated with alteration of 
document data added with an electronic signature, compris- 
ing: 

a recording medium; 

means for supplying to said computer system an instruc- 
tion recorded on said recording medium to obtain a 
total number of printable characters in the document 
data and a total number of unprintable characters in the 
document data; and 

means for supplying to said computer system an instruc- 
tion recorded on said recording medium to evaluate 
reliability on the basis of the total numbers of printable 
and unprintable characters. 

30. A product according to claim 29, wherein said means 
for evaluating reliability causes said computer system to 
perform processing for 

calculating a reliability value T by: 

$$T = p^{k} \times (m+1) \times (m+2) \times \cdots \times (m+k) / 2^{L}$$

where p is the number of types of unprintable characters, 
m is the number of document characters, k is the 
number of printable characters, and L is the bit length 
of a message digest, and 

evaluating reliability of the signature information by 
comparing the obtained reliability value T and a pre- 
determined threshold value. 

* * * * * 
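
The following Python example is added here and is not part of the patent text: it signs document data with unprintable characters excluded while storing the unreduced document (claim 25), verifies by re-excluding those characters using the stored association information (claim 28), and counts printable and unprintable characters (claim 29). HMAC-SHA256 with a constructed key stands in for the signature primitive, "unprintable" is taken to mean Python's `str.isprintable()` is false, and all function names and sample strings are assumptions.

```python
import hashlib
import hmac

DEMO_KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's key


def exclude(text, excluded=None):
    """Return (text without excluded characters, set of excluded characters)."""
    if excluded is None:
        # Assumption: "unprintable" means str.isprintable() is False.
        excluded = {ch for ch in text if not ch.isprintable()}
    kept = "".join(ch for ch in text if ch not in excluded)
    return kept, excluded


def _mac(text):
    # HMAC-SHA256 stands in for the signature over the message digest.
    return hmac.new(DEMO_KEY, text.encode("utf-8"), hashlib.sha256).hexdigest()


def sign(document):
    """Claim 25: sign the reduced text, store the unreduced document."""
    kept, excluded = exclude(document)
    return {
        "document": document,          # excluded characters still present
        "signature": _mac(kept),       # computed with them removed
        "excluded": sorted(excluded),  # association information (claim 27)
    }


def verify(record, received):
    """Claim 28: re-exclude using the association information, then check."""
    kept, _ = exclude(received, set(record["excluded"]))
    return hmac.compare_digest(_mac(kept), record["signature"])


def counts(text):
    """Claim 29 inputs: (printable total, unprintable total)."""
    unprintable = sum(1 for ch in text if not ch.isprintable())
    return len(text) - unprintable, unprintable


# Constructed sample input.
ORIGINAL = "Pay 100 USD\r\nto account 42\r\n"
RECORD = sign(ORIGINAL)
REFLOWED = "Pay 100 USD\nto account 42\n"     # CR dropped in transit
TAMPERED = "Pay 900 USD\r\nto account 42\r\n"  # printable character altered

if __name__ == "__main__":
    print(verify(RECORD, REFLOWED), verify(RECORD, TAMPERED), counts(ORIGINAL))
```

Changes confined to the recorded excluded characters pass verification by construction, so the character totals returned by `counts` are the quantities a verifier would feed into the reliability evaluation of claims 29 and 30.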






